from the law-enforcement's-access-hole-is-everyone-else's-security-problem dept

The FBI lost control of the "going dark" narrative. Part of it unraveled thanks to outside vendors. Two vendors -- Cellebrite and Grayshift -- announced they could crack any iPhone made. This shot holes in the FBI's theory that locked phones stayed locked forever and thereafter were only useful for hammering legislators over the head with until they cranked out an anti-encryption law.

The second unraveling was the FBI's own unforced error. Supposedly it couldn't count phones without software and the software it had couldn't count phones. What the FBI and others claimed was 8,000 uncrackable threats to the safety of the American public was actually a little over 1,000 phones. As for the latent threat posed by these locked devices, that's still pure speculation until the FBI starts handing over some info on what criminal acts these phones are tied to.

Apple is closing the technological loophole that let authorities hack into iPhones, angering police and other officials and reigniting a debate over whether the government has a right to get into the personal devices that are at the center of modern life.

Apple said it was planning an iPhone software update that would effectively disable the phone’s charging and data port — the opening where users plug in headphones, power cables and adapters — an hour after the phone is locked. While a phone can still be charged, a person would first need to enter the phone’s password to transfer data to or from the device using the port.

Law enforcement may be angered by this but private companies are not obligated to make law enforcement's job easier. Apple's official statement on the software update is probably meant to be placating, but is unlikely to change the mind of any law enforcement official who sees this reaction to phone cracking devices as another extended middle finger from tech companies. According to Apple spokesman Fred Sainz, this fix is being issued to fix a security hole, not "frustrate" law enforcement efforts.

But law enforcement efforts will be frustrated. The same goes for criminal efforts. Any device that can crack any iPhone exploits a flaw in the software or hardware. There's no such thing as a security hole that can only be exploited for good. Grayshift's GrayBox could end up in the hands of criminals and it may well be that both vendors have already sold tech to law enforcement agencies in countries where civil liberties aren't as valued as they are in the United States.

The article quotes several law enforcement officials complaining about being locked out of iPhones again. And while the frustration is understandable, the fact is plenty of data and communications are stored in the cloud, untouched by device encryption. Generally speaking, companies like Apple and Google have been cooperative when approached directly by law enforcement, as long as the request doesn't involve breaking device encryption.

This isn't the end of the discussion. Nor should it touch off another skirmish in the Encryption War 2.0. This setback should be viewed as temporary. Holes with be found and exploits deployed and these will be met with patches and firmware upgrades by the tech companies affected. This all can be traced back to the earlier days when it was only criminals looking for ways to defeat personal security measures. Law enforcement was late to the game, but its arrival shouldn't mean companies forgo protecting their customers to avoid inconveniencing the government.